阿尔卡特交换机常用命令

OmniSwitch查看日志的命令是：

格式：show log swlog [timestamp start_time [end_time]]

show log swlog timestamp 05/21/2015 11:30 05/21/2015 12:30

 

发现私自添加路由器导致DHCP分发

确认路由器IP，查到MAC，交换机搜寻到MAC对应的端口，关闭此端口

搜寻此路由器位置，掌握其管理员账户和密码，关闭DHCP功能。

 

show configuration snapshot

show vlan rules

 

添加网管交换机，MAC地址绑定0网段，ARP绑定

 

aaa authentication default local #开启所有服务，默认是关需要console进去设置

aaa authentication http local #开启http服务，默认是关需要console进去设置

aaa authentication telnet local #开启telnet服务，默认是关需要console进去设置

aaa authentication ftp local #开启ftp服务，默认是关需要console进去设置

 

ip interface "vlan 1" address 10.6.0.143 mask 255.255.255.0 vlan 1 ifindex 1

 

vlan port mobile 2/38 bpdu ignore enable

 

MAC地址绑定

 

arp 10.6.0.136 00:e0:b1:d8:16:19

 

vlan no port mobile 1/21

vlan 100 port default 1/21

mac-address-table permanent 00:1b:82:ff:03:e5 1/21 100

no mac-address-table permanent 00:1b:82:ff:03:e5 1/21 100

policy condition c1 source vlan 1000 destination ip 10.6.0.0 mask 255.255.0.0

policy condition c2 source vlan 101 destination ip 10.6.0.100

policy condition c3 source vlan 1010 destination ip 10.6.0.0 mask 255.255.0.0

policy condition c4 source vlan 20 destination ip 10.6.100.0 mask 255.255.255.0

policy condition c5 source vlan 1020 destination ip 10.6.0.0 mask 255.255.0.0

policy condition c6 source vlan 30 destination ip 10.6.100.0 mask 255.255.255.0

policy action a1 disposition drop

policy action a2 maximum bandwidth 128K

policy action a3 disposition deny

policy action flowshape maximum bandwidth 128K

policy rule r1 condition c1 action a1

policy rule r2 condition c3 action a1

policy rule r3 condition c4 action a3

policy rule r4 condition c2 action a3

policy rule r5 condition c5 action a1

policy rule r6 condition c6 action a3

qos apply

policy condition source1 source ip 10.6.1.253 mask 255.255.255.255

policy condition dest1 destination ip 10.6.1.253 mask 255.255.255.255

policy action No disposition deny

policy action Yes disposition accept

policy rule permitRule precedence 300 condition source1 action Yes reflexive

policy rule denyRule condition dest1 action No

qos apply

只允许pc访问指定的pc

qos enable

policy condition iptest source ip 10.6.4.226

policy condition iptest2 source ip 10.6.4.226 destination ip 10.6.4.51 mask 255.255.255.255

policy action NO disposition deny

policy action YES disposition accept

policy rule r1 precedence 100 condition iptest action NO

-> policy rule r2 precedence 200 condition iptest2 action YES

-> qos apply

 

-> no policy rule r1

-> no policy rule r2

-> no policy condition iptest

-> no policy condition iptest2

 

policy condition host42 source ip 10.6.100.42

-> no policy condition host42

-> policy condition host42 source ip 10.6.100.42 destination ip 10.6.100.0 mask 255.255.254.0

-> policy rule tmpno42 precedence 200 condition host42 action a1

-> qos apply

policy condition host10 source ip 10.6.100.42 destination ip 10.6.1.0 mask 255.255.255.0

-> policy rule no10 precedence 200 condition host10 action a1

-> qos apply

 

-> no policy rule no10

-> no policy rule tmpno42

-> qos apply

policy condition ip1010 source ip 192.168.11.0 mask 255.255.255.0 destination ip 10.6.0.98 mask 255.255.255.255
policy action a4 disposition accept
policy rule r2 condition ip1010 action a4

policy condition c3 source vlan 1010 destination ip 10.6.0.0 mask 255.255.0.0
policy rule r11 condition c3 action a1

no policy rule r2
no policy rule r11
no policy action a4
no policy action YES

qos apply

DHCP延迟最终解决

ip helper forward delay 0

 

查看直连设备的MAC地址

 

arp -a

 

snmp

 

-> user public password public read-write all no auth

 

-> snmp station 10.6.0.71 162 "public" v1 enable

 

snmpwalk -c public -v 2c 10.6.0.133

 

 

 

snmp community map "public" user "admin" on

 

snmp community map mode off

 

snmp security no security

 

aaa authentication snmp "local"

 

snmp station 10.6.0.71 162 "public" v1 enable

 

snmp authentication trap enable

 

user password-size min 5

 

snmp trap absorption enable

 

snmp trap to webview enable

 

 

 

ip helper no address 10.6.0.84 vlan 40

 

ip helper no address 10.6.0.84 vlan 1020

 

ip helper no address 10.6.0.73 vlan 10

 

ip helper no address 10.6.0.73 vlan 20

 

ip helper no address 10.6.0.73 vlan 30

 

ip helper no address 10.6.0.73 vlan 101

 

ip helper no address 10.6.0.73 vlan 1000

 

ip helper no address 10.6.0.73 vlan 1010

 

ip helper no address 10.6.0.73 vlan 1020

 

设置时区、时制、时间、日期、主机名、标书等：***************************************************

system timezone pst

system timezone zp8 (中国)

system daylight savings time enable

system time 18:35:00

system date 06/27/2002

system contact "JSmith X477 js@company.com"

system name "Engineering Switch 3"

system location "NMS Lab--NE Corner Rack"

*********************************************************

 

重新启动：

***********************************************************

reload working no rollback-timeout（立即重新启动）

reload primary in 3:03（定时重新启动主模块）

reload primary at 20:00 june 30（定时重新启动主模块）

reload primary cancel (取消重新启动主模块)

reload secondary (重新启动备管理模块)

reload cancel（取消重新启动）

************************************************************

 

保存配置：

************************************************************

copy running-config working or write memory（保存到主模块内存）

copy working certified(保存到备配置文件)

copy certified working（恢复配置文件）

copy flash-synchro（把配置文件同步到备管理模块）

*************************************************************

 

VLAN配置：

*************************************************************

 

vlan port mobile 2/38 bpdu ignore enable

vlan 10 创建vlan 10

vlan 10 name bangonglou 给为vlan 10取名

vlan 10 router ip 172.16.32.1 mask 255.255.255.0 给vlan配Router ip

vlan 10 prot default 1/1 1/1端口分配到vlan 10

 

vlan 10 port default 2/32

vlan 2 802.1q 8/1 8/1端口打上vlan 2的802.1q tag

vlan 2 no port default 3/1-5 从vlan 2 删除3/1-5的

ip interface "vlan-1" address 192.168.0.254 mask 255.255.255.0 vlan 1 给vlan1配置route ip

*************************************************************

 

常用维护命令：

*************************************************************

show micrcode  查看软件信息

show running-directory 查看交换机运行模式

show configuration snapshot all 查看所有配置

show history parameters 查看history参数

show history 查看历史信息

show vlan 查看vlan信息

show chassis 查看交换机机箱信息 MAC

show module 查看模块信息

show ni 查看ni信息

show cmm  查看管理模块信息

show system 查看系统信息

show seesion config

show dns

show ntp server status

show ntp client server-list

show ntp client

show reload

show reload status

show user

show hardware info

***********************************************************

 

文件操作命令：

**********************************************************

 

rm *.img

install *.img

 

cd

pwd

ls

cp

mkdir

rm

vi

move

chmod

delete

freespace

fsck

newfs

*****************************************************************

 

ACL配置：

****************************************************************

只允许192.168.10.0/24网段可以访问任意，而192.168.10.0/24不让任意网络访问：

-> policy condition source1 source ip 192.168.10.0 mask 255.255.255.0

-> policy condition dest1 destination ip 192.168.10.0 mask 255.255.255.0

-> policy action No disposition deny

-> policy action Yes disposition accept

-> policy rule permitRule precedence 300 condition source1 action Yes reflexive

-> policy rule denyRule condition dest1 action No

-> qos apply

******************************************************************

 

Avlan配置：

****************************************************************

   system name os6600

   vlan 1 router ip 192.168.1.1

   vlan 2 router ip 192.168.2.1

   vlan 2 enable

   vlan 2 authentication enable

 

   vlan port mobile 8/3

 

   vlan port 8/3 authentication enable

   aaa radius-server “rad1” host 192.168.1.254 key switch auth-port 1812 acct-port 1813

   aaa authentication vlan single-mode “rad1”

   aaa accounting vlan rad1

   ip helpr address 192.168.1.254

   aaa avlan default dhcp 192.168.1.1

   ip helper avlan only

 

   avlan auth-ip 3 10.10.2.80

   no aaa radius-server rad1

   aaa vlan no

   no aaa authentication vlan

   no aaa accounting

********************************************************

 

SLB配置：

*******************************************************

ip slb admin enable

ip slb cluster zbslb vip 192.168.0.234

ip slb server ip 192.168.0.236 cluster zbslb

ip slb server ip 192.168.0.237 cluster zbslb

ip slb probe zbslb_probe1 ping

ip slb cluster zbslb probe zbslb_probe1

ip slb server ip 192.168.0.236 cluster zbslb probe zbslb_probe1

ip slb server ip 192.168.0.237 cluster zbslb probe zbslb_probe1

**********************************************************

 

dhcp relay配置

**********************************************************

ip udp relay

ip helper address 192.168.1.1

ip helper no address 192.168.1.1 (deletes one address)

ip helper no address (delete all address)

ip helper address 192.168.3.1 vlan 3

ip helper address 192.168.4.1 192.168.4.2 vlan 4

ip helper forward delay 15 (set forward delay timer for the bootip/dhcp relay)1-65535

ip helper maximum hops 3 (set the maximum hop count value)1-16

show ip helper

ip helper boot-up enable dhcp

ip helper boot-up enable bootp

show ip helper stats

show ip udp relay service

show ip udp relay statistics

show ip udp relay destination

**********************************************************

-> interfaces 1/1 duplex ?
                        ^
                        HALF FULL AUTO
(Interface Command Set)

-> interfaces 1/23 speed 100
-> interfaces 1/23 speed auto

-> interfaces 1/23 speed 100

来自为知笔记(Wiz)

转载于:https://www.cnblogs.com/sanyuanempire/p/6158979.html